CVE-2022-41963

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-41963

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41963.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-41963

Aliases

GHSA-v6p9-926c-6qfp

Published

2022-12-16T13:00:42.459Z

Modified

2025-12-04T10:38:52.923940Z

Severity

2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

BigBlueButton contains Improper Preservation of Permissions for whiteboard

Details

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attackers to take actions in the few seconds after their access is revoked. The attacker must be a meeting participant. This issue is patched in version 2.4.3 an version 2.5-alpha-1

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41963.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-281"
    ]
}

References

Affected packages

Git / github.com/bigbluebutton/bigbluebutton

Affected ranges

Type: GIT
Repo: https://github.com/bigbluebutton/bigbluebutton
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e7773468fb45d86200ae28bdf8c39f4ba487cf88

Affected versions

0.*

0.81-dev-deskshare-fixes-compatible-with-0.8

2.*

2.2-beta-10

2.2-beta-11

2.2-beta-12

2.2-beta-14

2.2-beta-15

2.2-beta-16

2.2-beta-17

2.2-beta-18

2.2-beta-19

2.2-beta-2

2.2-beta-20

2.2-beta-21

2.2-beta-22

2.2-beta-23

2.2-beta-3

2.2-beta-4

2.2-beta-5

2.2-beta-6

2.2-beta-7

2.2-beta-8

2.2-beta-9

2.2-rc-1

2.2-rc-2

2.2-rc-3

2.2-rc-4

2.2-rc-5

2.2-rc-6

2.4-rc-2

Other

dcs-2-a

pre-recording-merge

v0.*

v0.7

v0.71

v0.71a

v0.8

v0.81

v0.81b

v0.81rc

v0.81rc2

v0.81rc3

v0.81rc4

v0.81rc5

v0.8b4

v0.8b4.0

v0.8rc2

v0.9.0-beta

v0.9.1

v0.9.2

v1.*

v1.0.0

v1.1.0

v2.*

v2.0-rc2

v2.0-rc3

v2.0-rc4

v2.0-rc5

v2.0-rc6

v2.0-rc7

v2.0.x-html5-beta1

v2.2.0

v2.2.1

v2.2.10

v2.2.11-good

v2.2.12

v2.2.14

v2.2.15

v2.2.16

v2.2.17

v2.2.18

v2.2.19

v2.2.2

v2.2.20

v2.2.21

v2.2.22

v2.2.23

v2.2.24

v2.2.25

v2.2.26

v2.2.27

v2.2.28

v2.2.29

v2.2.3

v2.2.30

v2.2.31

v2.2.32

v2.2.33

v2.2.34

v2.2.35

v2.2.36

v2.2.4

v2.2.5

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v2.3-alpha-1

v2.3-alpha-2

v2.3-alpha-3

v2.3-alpha-4

v2.3-alpha-5

v2.3-alpha-6

v2.3-alpha-7

v2.3-alpha-8

v2.3-beta-1

v2.3-beta-2

v2.3-beta-3

v2.3-beta-4

v2.3-beta-5

v2.3-rc-1

v2.3-rc-2

v2.3.0

v2.3.1

v2.3.10

v2.3.11

v2.3.12

v2.3.13

v2.3.14

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.3.8

v2.3.9

v2.4-alpha-1

v2.4-alpha-2

v2.4-beta-1

v2.4-beta-2

v2.4-beta-3

v2.4-beta-4

v2.4-rc-1

v2.4-rc-3

v2.4-rc-4

v2.4-rc-5

v2.4-rc-6

v2.4-rc-7

v2.4.0

v2.4.1

v2.4.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41963.json"